CVE-2022-50630
Gravedad:
Pendiente de análisis
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
08/12/2025
Última modificación:
08/12/2025
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
mm: hugetlb: fix UAF in hugetlb_handle_userfault<br />
<br />
The vma_lock and hugetlb_fault_mutex are dropped before handling userfault<br />
and reacquire them again after handle_userfault(), but reacquire the<br />
vma_lock could lead to UAF[1,2] due to the following race,<br />
<br />
hugetlb_fault<br />
hugetlb_no_page<br />
/*unlock vma_lock */<br />
hugetlb_handle_userfault<br />
handle_userfault<br />
/* unlock mm->mmap_lock*/<br />
vm_mmap_pgoff<br />
do_mmap<br />
mmap_region<br />
munmap_vma_range<br />
/* clean old vma */<br />
/* lock vma_lock again
Impacto
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/0db2efb3bff879566f05341d94c3de00ac95c4cc
- https://git.kernel.org/stable/c/45c33966759ea1b4040c08dacda99ef623c0ca29
- https://git.kernel.org/stable/c/78504bcedb2f1bbfb353b4d233c24d641c4dda33
- https://git.kernel.org/stable/c/958f32ce832ba781ac20e11bb2d12a9352ea28fc
- https://git.kernel.org/stable/c/dd691973f67b2800a97db723b1ff6f07fdcf7f5a